fh5721.tmp

Yordan Damyanov

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The file fh5721.tmp by Yordan Damyanov has been detected as adware by 18 anti-malware scanners. It is typically executed from the user's temporary directory. The file has been seen being downloaded from www.golgool.info and multiple other hosts.

Publisher:
Yordan Damyanov  (signed and verified)

MD5:
630edfe341fdce75072e228481a50813

SHA-1:
28d92615b63de782474e31581987b1ff6b88a4ba

SHA-256:
bcad2193469f645dd993d99179fe185e62b54f4739df5d85dd40ad1e12653611

Scanner detections:
18 / 68

Status:
Adware

Analysis date:
5/27/2024 12:39:48 AM UTC

Scan engine            Detection                         Engine version
Lavasoft Ad-Aware      Gen:Variant.Zusy.113278           808
Avira AntiVirus        TR/Spy.Agent.1984072              7.11.183.134
avast!                 Win32:Dropper-gen [Drp]           2014.9-141118
Baidu Antivirus        Adware.Win32.Vonteera             4.0.3.141118
Bitdefender            Gen:Variant.Zusy.113278           1.0.20.1610
Comodo Security        ApplicUnwnt                       20007
Emsisoft Anti-Malware  Gen:Variant.Zusy.113278           8.14.11.18.06
ESET NOD32             Win32/AdWare.Vonteera (variant)   8.10682
Fortinet FortiGate     W32/Adond.K!tr                    11/18/2014
F-Secure               Gen:Variant.Zusy.113278           11.2014-18-11_3
G Data                 Gen:Variant.Zusy.113278           14.11.24
Kaspersky              Trojan.Win32.Adond                14.0.0.2926
McAfee                 Artemis!630EDFE341FD              5600.6942
MicroWorld eScan       Gen:Trojan.Heur2.RP.5zXaaKUddZni  15.0.0.966
NANO AntiVirus         Trojan.Win32.Adond.dibvdc         0.28.6.62995
Reason Heuristics      PUP.YordanDamyanov.J              14.11.18.18
Sophos                 Vonteera                          4.98
VIPRE Antivirus        Trojan.Win32.Generic              34566

File size:
1.9 MB (1,984,072 bytes)

Common path:
C:\users\{user}\appdata\local\temp\fh5721.tmp

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
10/7/2013 3:00:00 AM

Valid to:
10/8/2015 2:59:59 AM

Subject:
CN=Yordan Damyanov, O=Yordan Damyanov, STREET=19 Dobri Voinikov Str, L=Sofia, S=Sofia, PostalCode=1000, C=BG

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00FEEF0D77D0AC7E55D4E7707B384AC901

File PE Metadata
Compilation timestamp:
11/3/2014 12:38:36 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:HBsrURF91w/85rDdX5l44tBGgtsyrWt6RrxN/wXQHh6K:HmQRX1prDB5dogCWK6nKXs6K

Entry address:
0x1461000

Entropy:
7.9713  (probably packed)

Code size:
169.5 KB (173,568 bytes)

The file fh5721.tmp has been seen being distributed by the following 3 URLs.

http://www.golgool.info/.../e5af9681c7.exe

Remove fh5721.tmp - Powered by Reason Core Security